Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of...

42
Phil Neray, VP of Industrial Cybersecurity SANS Webinar on NIST Recommendations for IIoT & ICS Security With Behavioral Anomaly Detection (BAD) February 28, 2019 Continuous Asset Discovery, Risk Management & Threat Monitoring for IIoT & ICS Networks

Transcript of Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of...

Page 1: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Phil Neray, VP of Industrial Cybersecurity

SANS Webinar on NIST Recommendations for IIoT & ICS SecurityWith Behavioral Anomaly Detection (BAD)

February 28, 2019

Continuous Asset Discovery, Risk Management & Threat Monitoring for IIoT & ICS Networks

Page 2: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

2

CyberX at a Glance

Only industrial platform built by blue-team experts with a track record defending critical national infrastructure

Founded in 2013

Global Presence• Boston (HQ)• Chicago• Houston• Florida• London• Paris• Munich• Tokyo• Israel

Partnerships with leading security

companies & MSSPs worldwide

Simplest, mostmature and most

interoperablesolution

2

Only IIoT & ICS security firm with

a patent for its ICS-aware threat

analytics

Page 3: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unified IT/OT Security Monitoring & Governance

3

Page 4: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Partnered with Global Technology Leaders

4

Page 5: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Challenges We Address for Clients

• What devices do I have, how are they connected — and how are they communicating with each other?

• What are the vulnerabilities and risks to our most valuable assets — and how do I prioritize mitigation?

• Do we have any ICS threats in our network — and how do we quickly respond to them?

• How can I leverage my existing IT security investments — people, training & tools — to secure my OT infrastructure?

Continuous Threat Monitoring,Incident Response & Threat Hunting

Asset Discovery Risk & Vulnerability Management

Unified IT/OT Security Monitoring & Governance

5

Page 6: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Most Recognized ICS Threat IntelligenceContinuously Discovering New ICS Zero-Day Vulnerabilities

CyberXthreat research

featured in Chapter 7

ICSA-15-300-03ABUFFER OVERFLOW

ICSA-15-351-01BUFFER OVERFLOW

ICSA-17-087-02ARBITRARY FILE UPLOAD

BUFFER OVERFLOW

ICSA-18-228-01UNCONTROLLED SEARCH PATH

ELEMENT, RELATIVE PATH TRAVERSAL, IMPROPER PRIVALAGE

MANAGEMENT, STACK-BASEDBUFFER OVERFLOW

ICSA-17-339-01DIMPROPER INPUT VALID (DDoS)

ICSA-16-306-01BUFFER OVERFLOW

ICSA-16-026-02BUFFER OVERFLOW

ICSA-17-278-01ABUFFER OVERFLOW

6

Page 7: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Simple, Non-Invasive, Agentless — No Rules or Signatures

CMDB asset data, firewall rules, etc.(OPTIONAL)

Proprietary Deep Packet Inspectionand Network Traffic Analysis (NTA)

OT Network

NetworkTraffic Data

SPAN port on network switch

7

Page 8: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Platform Architecture

8

CORE CAPABILITIES

IP Network & SerialDevice Dissectors

Embedded Knowledge of ICS Devices & Protocols

Proprietary ICS Threat Intelligence & Vulnerability Research

ICS MalwareAnalysis Sandbox

CYBERX CENTRAL MANAGEMENT

SELF-LEARNING ANALYTICS ENGINES

Network Traffic Analysis (NTS)

Data Mining Infrastructure

Behavioral Anomaly Detection

Protocol Violation Detection

IT & OT Malware Detection

Unusual M2M Communication

Detection

Operational Incident

Detection

CAPABILITIES & USE CASES

ICS Asset Management

ICS Risk & Vulnerability Management with Threat Modeling

ICS Threat Monitoring &

Detection

ICS Incident Response & Threat

Hunting

SOC Integration & REST APIs

SIEMTicketing & OrchestrationFirewalls & NACSecure Remote Access

Page 9: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Malware-Free Attacks Are Growing — Why BAD is Needed Now

9Source: https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/

“So the important question to ask is not, ‘Can you prevent the initial compromise?’ — that may be an impossibility. To be successful at

stopping breaches, an organization needs to detect, investigate, and remediate or contain the threat as quickly as possible.”

Malware-Free Examples• Stolen credentials• PowerShell• Router compromises

Page 10: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Global ICS & IIoT Risk Report — Top Data PointsBased on traffic data collected from 850+ production ICS networks across 6 continents and all sectors (Energy & Utilities, Oil & Gas, Pharmaceuticals, Chemicals, Manufacturing, Mining)

Download full report: cyberx-labs.com/risk-report-2019

Anti-Anti-Virus Mythical Air-Gap Broken Windows Hiding in Plain Sight

43%57% Automatic

updates detectedNo automatic

updates detected

60%40%

No internet connections

Internet connections

detected

47%53% Only modern

Windows versions

Sites with unsupported

Windows boxes

31%

69%Encrypted passwords

Plain-text passwords

10

Page 11: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

The TRITON attack on a petrochemical facility “had a deadly goal … it was not designed to simply destroy

data or shut down the plant … it was meant to sabotage the firm’s operations and trigger an explosion.”

The New York Times

https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html11

Page 12: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

L4 L3

L2

L1 L0

12

TRITON Kill Chain

Steal OT credentials1

Deploy PC malware2 3

Install RAT in safety PLC4

Disable safety PLC & launch 2nd

cyberattackTriStationProtocol

Page 13: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Threat Intelligence: Reverse-Engineering TRITONGetMPStatus packet structure:

https://cyberx-labs.com/en/blog/triton-post-mortem-analysis-latest-ot-attack-framework/

3Install RAT in safety PLC

Page 14: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

New TRITON Information from S4x19 Conference

• First incident actually 2 months earlier — in June 2017• Plant shutdown for 1 week when safety controller tripped• Automation vendor concluded it was mechanical failure

• 2nd incident affected (6) safety controllers — not just two• Caused another 1-week shutdown — hundreds of $ million from downtime & cleanup• Danger from toxic hydrogen sulfide gases

• Incident response uncovered multiple red flags• Misconfigured firewalls enabled attackers to move from IT network to DMZ to OT network• AV alerts on workstations about Mimikatz credential stealing malware were ignored• Ongoing alerts about RUN/PROGRAM key in unsafe position were also ignored — enabled

attackers to upload malicious backdoor into safety controller• Suspicious RDP sessions to plant's engineering workstations from IT network

• True lesson = lack of clear roles: Who is responsible for ensuring security controls are properly implemented & effective — IT, OT, integrator, or automation vendor?

https://www.darkreading.com/attacks-breaches/triton-trisis-attack-was-more-widespread-than-publicly-known/d/d-id/1333661https://www.cyberscoop.com/trisis-investigator-saudi-aramco-schneider-electric-s4x19/

https://www.eenews.net/energywire/stories/106011542314

Page 15: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Threat Anomaly Scenarios Detected by CyberX in NIST Report• Unauthorized Device Is Connected to the Network • Unencrypted HTTP Credentials• Unauthorized Ethernet/IP Scan of the Network• Unauthorized SSH Session Is Established with Internet-Based Server• Data Exfiltration to the Internet via DNS Tunneling• Unauthorized PLC Logic Download• Undefined Modbus TCP Function Codes Transmitted to PLC• Data Exfiltration to the Internet via Secure Copy Protocol• Virus Test File Is Detected on the Network• Denial-of-Service Attack Is Executed Against the ICS Network• Data Exfiltration Between ICS Devices via UDP• Invalid Credentials Are Used to Access a Networking Device• Brute-Force Password Attack Against a Networking Device• Unauthorized PLC Logic Update — Robotics System• Unauthorized PLC Logic Update – Process Control System

15

Page 16: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Event Timeline

16

Page 17: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unauthorized Device Is

Connected to the Network

17

This anomaly was executed on the PCS. The engineering laptop (Windows 7) was removed from the network during the baseline analysis phase of the product and was later connected to VLAN-2 to execute the anomaly. After the initial connection, background traffic was automatically generated onto the network by the laptop.

Page 18: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unencrypted Credentials

18

This anomaly was executed on the CRS. An Apache HTTP server was configured on Machining Station 1 and contained a directory that was protected by HTTP basic

authentication. The web pages hosted in the protected directory enabled an operator to remotely view machine status information. The connection was initiated from the Firefox

browser on the engineering workstation.

Page 19: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unauthorized Ethernet/IP

Scan

19

During the reconnaissance phase, an attacker may attempt to locate vulnerable services in an ICS network and will likely include probing for ICS-specific services (e.g., Ethernet/IP). Once a

vulnerable service, host, or device is discovered, an attacker may attempt to exploit that entity.

Page 20: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unauthorized SSH Session

20

This anomaly was executed on the PCS. The OpenSSH suite was installed and configured on a server with an internally routed public IP address (129.6.1.2). The open-source SSH

client PuTTY was used to establish a connection with the SSH service from the engineering workstation to the internet-based server.

Page 21: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Data Exfiltration to Internet

via DNS Tunneling

21

Attacks against ICS with the goal of information gathering, must (at some point) attempt to exfiltrate sensitive or proprietary data from the ICS network, potentially utilizing the internet as a transport

mechanism. Monitoring for ICS devices communicating to other devices over the internet can help detect data exfiltration events, especially if the affected device does not normally communicate over the internet.

Page 22: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Unauthorized PLC Logic Download

22

Many ICS devices provide services to remotely update control logic over the network. These network services can also provide a mechanism for

attackers to replace valid control logic with malicious logic if the device is not protected. The Allen-Bradley software Studio 5000 was used to

download the logic from the PCS PLC to the engineering workstation. Physical access to the PLC was required in order to change the operation

mode from RUN to REMOTE RUN.

Page 23: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Undefined Modbus TCP

Function Codes Are

Transmitted to PLC

23

Communications that do not conform to the defined specifications of the industrial protocol may cause an ICS device to act in an undefined or unsafe manner. Depending on the manufacturing process and the ICS device, the nonconforming communications may or may not be impactful, but investigation into the cause is warranted. Python was used to create a Modbus TCP message

with the undefined function code value of 49 (0x31). The message was generated by the CybersecVM and was transmitted to the PLC Modbus server.

Page 24: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Brute-Force Password

Attack

24

Compiled lists containing default user credentials are freely available on the internet. Given enough time, an attacker may be able to access vulnerable systems by using a brute-force

password attack. The software Nmap was used to generate the brute-force password attack by using the script telnet-brute. The attack was pointed at the PCS router, which has a Telnet service for remote configuration and is protected by a password. The service was not configured to limit

the number of authentication attempts.

Page 25: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Full Alert Flow

25

Page 26: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

26

Page 27: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

27

Page 28: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

How CyberX Supports the NIST Cybersecurity Framework

28

ThreatInsight

Threat Prevention

Threat Detection

Threat Response

Threat RecoveryIdentify Prevent Detect Respond Recover

Automated ICS threat modeling

ICS vulnerability management &

mitigation

Integration with NGFWs

Continuous monitoring with

patented analytics & self-learning for

anomaly detection

Deep forensic & threat hunting

tools

Native apps for IBM QRadar &

Splunk

Integration with ArcSight, RSA, LogRhythm,

McAfee

Asset discovery

Network topology mapping

Automated reporting to

stakeholders

ServiceNow integration

IBM Resilient integration

Page 29: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Integration with Palo Alto Networks• Accelerate time between threat detection & prevention• Automatically generate firewall policies to block sources of malicious traffic

identified by CyberX — use cases:• Unauthorized PLC changes• Protocol violations — can indicate malicious attempt

to compromise device vulnerabilities (e.g., buffer overflow)• PLC Stop commands — can break production• Malware — e.g., programs using EternalBlue exploits• Scanning malware — can indicate cyber reconnaissance in early stages of breach

• Implement granular network segmentation based on asset profiles• CyberX tags discovered assets with ICS properties (protocols, type, authorized, etc.)• Rapidly create asset-based segmentation policies & Dynamic Access Groups (DAGs)

29

Page 30: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX Integration with Palo Alto App Framework (Cortex)• Analyze data collected by Palo Alto appliances already deployed in network• Native CyberX app now available from App Framework portal• https://apps.paloaltonetworks.com/marketplace/cyberx

30

Page 31: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Applying INL’s CCE Methodology to Securing ICS

CCE = Consequence-Driven Cyber-informed Engineering 1. Identify Your Crown Jewel Processes2. Map the Digital Terrain3. Illuminate the Likely Attack Paths4. Generate Options for Mitigation and Protection

“If you’re in critical infrastructure you should plan to be targeted. And if you’re targeted, you will be compromised. It’s that simple.”

Andy Bochman, Senior Grid Strategist for National & Homeland Security, INL

https://cyberx-labs.com/resources/sans-webinar-cce-inl-new-approach-securing-critical-industrial-infrastructure/

Page 32: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Simulating Attack Paths to Crown Jewel Assets

Page 33: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

CyberX shows visual simulation of entire attack chain, enabling

“what-if” scenarios for remediation and mitigation

(e.g., zoning, patching)

Choose your most critical “crown jewel” assets

as targets

CyberX finds all potential attack paths, ranked by risk

Industry Unique — Automated ICS Threat Modeling

Page 34: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

More than 1,200 Installations Worldwide

• 2 of the top 5 US energy utilities

• Top 5 global pharmaceutical company

• Top 5 US chemical company

• National energy pipeline & distribution company

• Top 3 UK gas distribution utility

• National electric utilities across EMEA & Asia-Pacific

• Largest water desalination plant in western hemisphere

• …and more

1

Page 35: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Ariel Litvin | CISOFirst Quality Enterprises

Consumer goods manufacturer with nearly 5,000 employees

What Manufacturing Clients are Saying About CyberX

“Reducing risk to our production operations is smart business. CyberX gives us deep visibility into our OT environment and continuous OT risk management, while

enabling unified security monitoring and governance across both IT and OT.”

35

Page 36: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Manufacturing Case Study

• CyberX ICS asset/vulnerability management & threat monitoring platform

• Deployed in multiple plants with 8,000+ devices monitored• Centralized management provides global command-and-

control across all facilities

• CyberX integrated with SOC workflows and security stack• IBM QRadar (SIEM)• Siemplify (security automation and orchestration)• PAN NGFW infrastructure (prevention)

36

Page 37: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

37

CyberX Services + Support Portfolio

Technical support via phone/email

Online help & knowledge base

Case management

Monthly “tips-and-tricks” webinar

Hardware support via Dell & Arrow

Optional services

• Online & onsite training• Onboarding & Deployment Support• Network Architecture Planning• Onsite Incident Response• Forensic Analysis• SOC Enablement for ICS• 24x7 coverage & dedicated TAM

Page 38: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Most Mature & Interoperable Solution

STRATEGIC

Reduce RiskPrevent costly production outages, safety & environmental failures, theft of corporate IP

TACTICAL

Gain VisibilityAuto-discover all OT assets & how they communicate

Seamless IntegrationIntegrate with all OT protocols and equipment, SOC workflows & existing security stacks

Prioritize MitigationsIdentify critical vulnerabilities & attack vectors

Detect & Respond to Threats QuicklyContinuously monitor for malware, targeted attacks & equipment failures

OPERATIONAL

Zero ImpactNon-intrusive & agentless

2138

Page 39: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

For More Information

ICS & IIoT Security Knowledge Base• Threat & vulnerability research• Black Hat research presentations• Transcripts & recordings from past SANS webinars• CyberX “Global ICS & IIoT Risk Report”• Presenting OT Risk to the Board• NISD Executive Guide

See Us at Upcoming Events• SANS ICS Security Summit & Training (Mar 18-19, Orlando)• Cyber Security for Critical Assets (CS4CA) (Mar 26-27, Houston)• ICS-JWG 2019 Spring Meeting (April 23-25, Kansas City)• ICS Cyber Security (April 24-26, London)• Public Safety Canada, ICS Security Symposium (May 29-30, Charlottetown)• Palo Alto Network IGNITE US (June 3-6, Austin)• API-IOG Cybersecurity Europe (June 19-20, London)

CyberX vulnerability research featured in Chapter 7 — free

download from CyberX

Page 40: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

THANK YOU

[email protected]

Page 41: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

Appendix

41

Page 42: Continuous Asset Discovery, Risk Management & Threat … · 2019-03-05 · Phil Neray, VP of Industrial Cybersecurity. SANS Webinar on NIST Recommendations for IIoT & ICS Security.

What Clients are Saying About CyberX

"As a UK gas distribution network, SGN relies on CyberX to deliver 24/7 visibility into our OT assets, vulnerabilities,

and threats -- across thousands of distributed networks --with zero impact on operations."

Mo Ahddoud, CISOSGN

42